Reducing the Risk

Strengthening physical security systems again cyberattacks in the public sector

  • By Justin Himelberger
  • May 31, 2022

Recent statistics highlight the rise of cyberattacks in the public sector. In its latest Internet Crime Report, the FBI stated that they received nearly 2,500 ransomware complaints in 2020. And, the Identity Theft Resource Center reports that, as of September 2021, the year-to-date total number of data compromises related to cyberattacks was already 27% higher than for all of 2020. For the public sector, cybersecurity has become a top priority.

IT teams at all levels of government are understandably concerned about how vulnerable their networks are to these disruptive and costly cyberattacks. But government organizations aren’t the only targets. The K-12 Cybersecurity Resource Center 2020 Year in Review Report found that K-12 schools experienced more than 400 cyber incidents in 2020, up 18% from the previous year.

For organizations in the public sector—including governments and schools—the question is how to reduce the risk of cyberattacks. The first step in addressing the situation is determining how cybercriminals are gaining access.

Understanding Network Vulnerabilities
There are several ways that cybercriminals can gain access to an organization’s network. An employee can click on a link in a phishing email. A default application password can remain unchanged. Or a network-connected device can be inadequately protected.

It is important to remember that these devices include elements in a physical security system. Cameras as well as door controllers and their monitoring systems can all pose cybersecurity risks.

Unfortunately, the risks associated with under-protected network devices has increased during the COVID-19 pandemic. As millions of people began working from home, organizations faced new challenges around protecting their spaces.

According to Morgan Wright, a Center for Digital Government (CDG) Senior Fellow, “When fewer people are working in buildings, organizations need more technology to maintain physical protection.”

Many organizations deployed additional cameras and other technology to keep an eye on their environments and assets and also implemented measures to protect the devices themselves. But, while their goal was greater security, their focus was frequently limited.

“When it comes to protecting physical security devices, too often the worry is about damage or theft, not that they can be used as an entry point from ransomware,” Wright said.

Organizations in the public sector need to think about how they deploy physical protection technologies so they can better control access to sensitive and restricted areas and, at the same time, increase the cybersecurity of their networks. They need to look at deploying new technologies, establishing new staff roles, and implementing new practices that will strengthen both physical and cybersecurity.

The Risks Associated with Security Devices
Physical security devices are purpose-built to help keep people, assets and environments safe. In the face of rising cybercrime, organizations have to expand their view of security. Most cyberattacks are not intended to compromise physical safety. Instead, they target applications, files and data managed by IT departments. An attack that originates in a camera can find its way through an organization’s network to block access to critical applications, lock and hold files for ransom, or steal personal data from employees, students, program clients, and residents.

One major challenge is that many public sector organizations continue to use older model cameras and door controllers. With their limited security capabilities, these devices, especially cameras, can present significant risk. Organizations in the public sector tend to replace these devices only when absolutely necessary or when their capital costs can be fully amortized. These are not effective strategies.

“Today’s hackers know that certain security devices are easy to take over and use as an entry point to a connected network,” Wright said. “This means that security cameras and access control systems need to be considered critical network devices. They need to receive a high level of protection and monitoring for both operations and cybersecurity.”

The good news is that the public sector is beginning to realize how internet-connected security cameras and door controllers can give hackers easy access to their networks. At the same time, IT departments are becoming increasingly aware of the risks that inadequately protected devices can pose when connected to their networks. The problem is that historically, IT has had limited visibility and control over an organization’s security devices.

Unifying Physical and Cybersecurity
Currently, many organizations in the public sector approach physical security and IT as separate. But the growing cyber risks that physical security technologies can present mean that this needs to change.

In the United States, the Cybersecurity and Infrastructure Security Agency (CISA) recommends joining IT and physical security into a single, integrated team. As a single team, they can better focus on developing a comprehensive security program that is based on a common understanding of risk, responsibilities, strategies, and practices. Wright agrees with this recommendation, saying “Physical security needs to be integrated into the network security team and not viewed as an ancillary function.”

According to CISA, there are several benefits to this approach. First, it would provide a more holistic view of security threats across the organization, which can lead to improved information sharing and threat response preparation. In addition, by implementing unified policies and shared practices, organizations would be able to achieve greater flexibility and resilience.

Starting with what is Already in Place
The first step towards better protecting a physical security system against cyberattacks is conducting a current posture assessment, which will help identify specific devices of concern. The assessment process allows an integrated IT and physical security team to focus on:

  • Creating an up-to-date inventory of all network-connected cameras, door controllers, and associated management systems performing a thorough vulnerability assessment of all connected physical security devices to identify models and manufacturers of concern
  • Consolidating and maintaining detailed information about each physical security device, including connectivity, firmware version, and configuration
  • Improving network design as needed to segment older devices and reduce potential for crossover attack
  • Identifying all users who have knowledge of physical security devices and systems and then documenting that knowledge for broader use and retention.

Once the assessment is complete, the team can then move to reviewing the necessary changes that need to be made.

The Next Phase in Protecting Network Security
After assessing an organization’s current physical security, the team should produce a review of required improvements for individual devices as well as the entire system. These improvements can include ensuring that all network-connected devices are managed by IT network and security monitoring tools as well as implementing end-to-end encryption that protects video streams and data in transit and in storage.

Organizations can also think about strengthening protection measures by improving existing configurations and management practices for physical security devices. This could require using secure protocols for connecting devices to the network, disabling access methods that don’t support a high level of security protection, verifying configurations of security features and alerts, and replacing defaults with new passwords that must be changed on a regular and verified schedule.

Another option for protecting network security is to enhance access defenses with a layered strategy that includes multifactor access authentication and defined user authorizations. Organizations can also improve update management by defining who is responsible for tracking updates availability, and for vetting, deploying and documenting updates on all eligible systems and devices.

Developing a Replacement Strategy
Ultimately, this review can help determine which devices and systems should be replaced because they present a high cyber risk. When it comes to developing replacement programs, organizations in the public sector need to prioritize strategies that support modernization for both physical and cybersecurity. One effective approach is to unify physical and cybersecurity devices and software on a single, open architecture platform with centralized management tools and views.

Replacement programs can also focus on cybersecurity features, including data encryption and anonymization that are built into a device’s firmware and management software. Another important consideration is looking at a vendor’s capabilities to support a solution lifecycle of up to 10 years, including ongoing availability of updates for firmware and management system software.

In the United States, federal funding may be available to help cover some of the costs associated with replacement programs. The 2021 Investment and Jobs Act includes $1billion in funds, managed by the Department of Homeland Security, designed to help state and local governments modernize their cybersecurity.

With the number of cyberattacks increasing around the world, it is becoming clear that the public sector needs to implement effective cybersecurity improvements to their IT networks. An important step towards reducing the cybersecurity risks associated with physical security devices is to integrate physical security and IT and develop a coordinated strategy for hardening systems.

Featured

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

  • Pragmatism, Productivity, and the Push for Accountability in 2025-2026

    Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now

Most   Popular

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities